2 Answers

A Sybil attack occurs when one actor acts as multiple separate entities. Because many distributed systems have no form of identity management beyond accounts, and because accounts are trivially created, any actor can create an unbounded number of accounts.

This is a problem if, for instance, you want to implement a voting system, or in other situations where who someone is, or whether two different identities refer to the same person, matters, such as an auction (where allowing the seller to bid on their own items would give them an unfair advantage).

There are several ways to mitigate this, depending on your constraints:

1. Use a mutually trusted external identity provider to determine who can do things.

2. Manually authorize which identities are allowed to do things using some out-of-band mechanism.

3. Require participants to stake something of which there is a limited quantity, such as ether, so that they gain no advantage by pretending to be multiple different participants at once.

Option 3 is the easiest to implement in many cases, but isn't universally applicable; for instance, in a system like Quadratic Voting, 100 ether pledged by one person holds less weight than 10 ether pledged by each of 10 people, so an attacker still has an incentive to use multiple identities.
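As an added example that is not part of either answer, the following Python simulation makes the last point concrete: an attacker holding a fixed amount of stake splits it across k Sybil identities and we compare the total voting weight obtained under plain stake weighting against quadratic voting (weight per identity = square root of its stake). The stake amounts and identity counts are arbitrary constructed inputs, and the weight functions are simple models of the two schemes, not any project's implementation.

```python
import math


def linear_weight(stakes):
    """Plain stake weighting: one unit of stake is one unit of weight,
    so the total weight is the total stake however it is split."""
    return sum(stakes)


def quadratic_weight(stakes):
    """Quadratic voting: each identity contributes sqrt(its stake).
    Splitting a fixed stake across more identities increases the sum."""
    return sum(math.sqrt(s) for s in stakes)


def split_stake(total, identities):
    """Divide a fixed stake evenly across `identities` Sybil accounts
    (constructed scenario: the attacker controls all of them)."""
    return [total / identities] * identities


def sybil_gain(weight_fn, total, identities):
    """Ratio of the weight obtained with `identities` accounts to the
    weight of one honest account holding the same total stake.
    A value of 1.0 means the Sybil strategy buys nothing."""
    honest = weight_fn([total])
    sybil = weight_fn(split_stake(total, identities))
    return sybil / honest


def is_sybil_resistant(weight_fn, total, max_identities, tol=1e-9):
    """True if no split into 2..max_identities accounts increases weight.
    The tolerance absorbs floating-point rounding in the even split."""
    return all(
        sybil_gain(weight_fn, total, k) <= 1 + tol
        for k in range(2, max_identities + 1)
    )


if __name__ == "__main__":
    TOTAL = 100  # e.g. 100 ether held by one attacker (constructed value)
    for k in (1, 2, 10, 100):
        print(
            f"{k:>3} identities: linear gain = "
            f"{sybil_gain(linear_weight, TOTAL, k):.2f}x, "
            f"quadratic gain = {sybil_gain(quadratic_weight, TOTAL, k):.2f}x"
        )
    print("linear resistant:   ", is_sybil_resistant(linear_weight, TOTAL, 100))
    print("quadratic resistant:", is_sybil_resistant(quadratic_weight, TOTAL, 100))
```

With 100 units of stake split ten ways, the linear scheme yields exactly the same weight as one account, while quadratic voting yields 10 * sqrt(10) against sqrt(100), a gain of sqrt(10), roughly 3.16x; in general an even k-way split gains sqrt(k), so the incentive to forge identities grows without bound unless the scheme is paired with option 1 or 2.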

The Sybil attack in computer security is an attack wherein a reputation system is subverted by forging identities in peer-to-peer networks. It is named after the subject of the book Sybil, a case study of a woman diagnosed with dissociative identity disorder.

And:

In a Sybil attack the attacker subverts the reputation system of a peer-to-peer network by creating a large number of pseudonymous identities, using them to gain a disproportionately large influence.